From a3665b05a3ab0b52b348477542f3d365f8d4705d Mon Sep 17 00:00:00 2001 From: Vriken Date: Tue, 10 Dec 2024 10:12:15 +0100 Subject: [PATCH 1/6] hashing and enabling server side cookies --- template.js | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/template.js b/template.js index e81a1e1..98306b0 100644 --- a/template.js +++ b/template.js @@ -24,6 +24,7 @@ const Promise = require('Promise'); const decodeUriComponent = require('decodeUriComponent'); const createRegex = require('createRegex'); const makeString = require('makeString'); +const sha256Sync = require('sha256Sync'); const requestMethod = getRequestMethod(); const path = getRequestPath(); @@ -387,7 +388,7 @@ function storeClientId(eventModel) { samesite: getCookieType(eventModel), secure: true, 'max-age': 63072000, // 2 years - httpOnly: false, + httpOnly: true, }); } } @@ -578,7 +579,7 @@ function getClientId(eventModels) { 'dcid.1.' + getTimestampMillis() + '.' + - generateRandom(100000000, 999999999) + sha256Sync(makeString(generateRandom(100000000, 999999999))) ); } return ''; From 6259ec46b938edd7b7d2b83cde64d4aa57a0c598 Mon Sep 17 00:00:00 2001 From: Vriken Date: Wed, 11 Dec 2024 16:34:57 +0100 Subject: [PATCH 2/6] adding button for writing httpOnly _dcid --- template.js | 7 +++---- template.tpl | 32 ++++++++++++++++++-------------- 2 files changed, 21 insertions(+), 18 deletions(-) diff --git a/template.js b/template.js index 98306b0..0ef7b7b 100644 --- a/template.js +++ b/template.js @@ -24,7 +24,6 @@ const Promise = require('Promise'); const decodeUriComponent = require('decodeUriComponent'); const createRegex = require('createRegex'); const makeString = require('makeString'); -const sha256Sync = require('sha256Sync'); const requestMethod = getRequestMethod(); const path = getRequestPath(); 
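Review bot: Hard-coding `httpOnly: true` on the `_dcid` cookie changes the behaviour of every existing deployment with no opt-out; any client-side code that reads `_dcid` directly (I cannot tell from this hunk whether such code exists) will stop seeing the cookie after the next server response. A template parameter that defaults to the previous value would let operators opt in, e.g. `httpOnly: !!data.httpOnlyCookie,` backed by a checkbox in template.tpl. storeClientId's body starts and ends outside the hunk.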
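Review bot: Hashing the client id with `sha256Sync(makeString(generateRandom(100000000, 999999999)))` does not make it harder to guess, because the digest is a deterministic function of the same 900 million possible inputs, so enumerating the inputs enumerates the digests at the same cost. It also lengthens every `_dcid` cookie and adds the `require('sha256Sync')` from the first hunk for no security gain. If an unpredictable id is the goal, the unpredictability has to come from the random source (I cannot confirm from this page that `generateRandom` is cryptographically strong), and if plain opacity is the goal the commit message should say so, since the `'dcid.1.' + getTimestampMillis()` prefix still exposes the creation time. getClientId's body starts and ends outside the hunk.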
@@ -388,7 +387,7 @@ function storeClientId(eventModel) { samesite: getCookieType(eventModel), secure: true, 'max-age': 63072000, // 2 years - httpOnly: true, + httpOnly: data.httpOnlyCookie, }); } } @@ -579,7 +578,7 @@ function getClientId(eventModels) { 'dcid.1.' + getTimestampMillis() + '.' + - sha256Sync(makeString(generateRandom(100000000, 999999999))) + generateRandom(100000000, 999999999) ); } return ''; @@ -633,4 +632,4 @@ function parseUrlEncoded(data) { } return parsedData; -} +} \ No newline at end of file diff --git a/template.tpl b/template.tpl index 1c346f4..4e0090a 100644 --- a/template.tpl +++ b/template.tpl @@ -36,6 +36,14 @@ ___TEMPLATE_PARAMETERS___ "simpleValueType": true, "help": "If enabled, the server only accessible FPID cookie, generated by UA/GA4 client, will be duplicated to FPIDP cookie, which will be accessible from the client JS. Highly recommend using this option only in case it is necessary." }, + { + "type": "CHECKBOX", + "name": "httpOnlyCookie", + "checkboxText": "Write the _dcid cookie as HttpOnly", + "simpleValueType": true, + "help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it non-accsessible by javascript." + "defaultValue": false + }, { "type": "CHECKBOX", "name": "generateClientId", @@ -638,20 +646,16 @@ function addRequiredParametersToEventModel(eventModel) { return eventModel; } -function exposeFPIDCookie(eventModel) { - if (data.exposeFPIDCookie) { - let fpid = getCookieValues('FPID'); - - if (fpid.length) { - setCookie('FPIDP', fpid[0], { - domain: 'auto', - path: '/', - samesite: getCookieType(eventModel), - secure: true, - 'max-age': 63072000, // 2 years - httpOnly: false, - }); - } +function storeClientId(eventModel) { + if (data.generateClientId) { + setCookie('_dcid', eventModel.client_id, { + domain: 'auto', + path: '/', + samesite: getCookieType(eventModel), + secure: true, + 'max-age': 63072000, // 2 years + httpOnly: data.httpOnlyCookie, + }); } } 
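Review bot: `httpOnly: data.httpOnlyCookie` passes `undefined` whenever the checkbox value is absent — for example a template instance saved before the field existed — and nothing in the hunk shows how `setCookie` treats a non-boolean there. Coercing explicitly, `httpOnly: !!data.httpOnlyCookie,`, pins the previous behaviour (not HttpOnly) as the fallback and documents the intent. The same expression is copied into template.tpl in PATCH 3/6 and should get the same treatment. storeClientId's body starts and ends outside the hunk.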
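Review bot: The new parameter object is missing the comma after the `help` string, so `"help": "…javascript." "defaultValue": false` is not valid JSON and the template will fail to load until it is fixed. While touching that line, the help text has a typo and inconsistent casing; suggested line: `"help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it inaccessible to JavaScript.",`. The same string is re-added unchanged in PATCH 3/6 and PATCH 4/6, so the typo survives the comma fix made there.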
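Review bot: Replacing `exposeFPIDCookie` with a second `storeClientId` looks accidental: the `exposeFPIDCookie` checkbox is still declared in the parameters section of this file, so its handler is now gone, and the following patch's hunk header (`@@ -667,7 +671,7 @@ function storeClientId(eventModel)`) shows that a `storeClientId` already exists further down, leaving two definitions of the same function. The intended change appears to be only the `httpOnly: data.httpOnlyCookie,` line in the existing `storeClientId`, so the deleted function should be restored as it was. The enclosing section of the file continues outside the hunk.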
From a8fbe50a81fd1acc5245458513d2e9ed96d0b49e Mon Sep 17 00:00:00 2001 From: Vriken Date: Wed, 11 Dec 2024 16:37:23 +0100 Subject: [PATCH 3/6] not removing other functions :) --- template.tpl | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/template.tpl b/template.tpl index 4e0090a..b5eab7a 100644 --- a/template.tpl +++ b/template.tpl @@ -41,7 +41,7 @@ ___TEMPLATE_PARAMETERS___ "name": "httpOnlyCookie", "checkboxText": "Write the _dcid cookie as HttpOnly", "simpleValueType": true, - "help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it non-accsessible by javascript." + "help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it non-accsessible by javascript.", "defaultValue": false }, { @@ -646,16 +646,20 @@ function addRequiredParametersToEventModel(eventModel) { return eventModel; } -function storeClientId(eventModel) { - if (data.generateClientId) { - setCookie('_dcid', eventModel.client_id, { - domain: 'auto', - path: '/', - samesite: getCookieType(eventModel), - secure: true, - 'max-age': 63072000, // 2 years - httpOnly: data.httpOnlyCookie, - }); +function exposeFPIDCookie(eventModel) { + if (data.exposeFPIDCookie) { + let fpid = getCookieValues('FPID'); + + if (fpid.length) { + setCookie('FPIDP', fpid[0], { + domain: 'auto', + path: '/', + samesite: getCookieType(eventModel), + secure: true, + 'max-age': 63072000, // 2 years + httpOnly: false, + }); + } } } @@ -667,7 +671,7 @@ function storeClientId(eventModel) { samesite: getCookieType(eventModel), secure: true, 'max-age': 63072000, // 2 years - httpOnly: false, + httpOnly: data.httpOnlyCookie, }); } } From 0d9620f1c4f13f262b021368f521a236451ce162 Mon Sep 17 00:00:00 2001 From: Vriken Date: Wed, 11 Dec 2024 16:37:23 +0100 Subject: [PATCH 4/6] not removing other functions :) --- template.tpl | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) 
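Review bot: `httpOnly: false` on the FPIDP cookie is now the only hard-coded value left while `_dcid` became configurable, and a later reader may "fix" it by wiring it to `data.httpOnlyCookie`, which would defeat the purpose of the function: the checkbox help text on this page says FPIDP exists precisely so that the server-only FPID value becomes readable from client JS. A one-line comment makes that explicit: `httpOnly: false, // deliberate: FPIDP exists so client-side JS can read the FPID value`. `let fpid` is never reassigned and could be `const`.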
diff --git a/template.tpl b/template.tpl index b5eab7a..805e0c8 100644 --- a/template.tpl +++ b/template.tpl @@ -44,6 +44,14 @@ ___TEMPLATE_PARAMETERS___ "help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it non-accsessible by javascript.", "defaultValue": false }, + { + "type": "CHECKBOX", + "name": "httpOnlyCookie", + "checkboxText": "Write the _dcid cookie as HttpOnly", + "simpleValueType": true, + "help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it non-accsessible by javascript.", + "defaultValue": false + }, { "type": "CHECKBOX", "name": "generateClientId", @@ -671,7 +679,7 @@ function storeClientId(eventModel) { samesite: getCookieType(eventModel), secure: true, 'max-age': 63072000, // 2 years - httpOnly: data.httpOnlyCookie, + httpOnly: false, }); } } From f955518606184c5aca512ec9b40407290dc7ef4d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=85ke=20Rosvall?= Date: Thu, 12 Dec 2024 10:48:23 +0100 Subject: [PATCH 5/6] Adding or false --- template.js | 2 +- template.tpl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/template.js b/template.js index 0ef7b7b..ae65e40 100644 --- a/template.js +++ b/template.js @@ -387,7 +387,7 @@ function storeClientId(eventModel) { samesite: getCookieType(eventModel), secure: true, 'max-age': 63072000, // 2 years - httpOnly: data.httpOnlyCookie, + httpOnly: data.httpOnlyCookie || false, }); } } diff --git a/template.tpl b/template.tpl index 805e0c8..a3cd046 100644 --- a/template.tpl +++ b/template.tpl @@ -679,7 +679,7 @@ function storeClientId(eventModel) { samesite: getCookieType(eventModel), secure: true, 'max-age': 63072000, // 2 years - httpOnly: false, + httpOnly: data.httpOnlyCookie || false }); } } From 30335494ec99ac0df5c2a4c80595c1679e828097 Mon Sep 17 00:00:00 2001 
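Review bot: This adds a second parameter with the same `"name": "httpOnlyCookie"` directly below the one already present in the context lines, so the template would show two checkboxes bound to the same `data.httpOnlyCookie` key, and nothing on this page defines which value wins when they disagree. The duplicate block should be dropped; the subject line does not mention adding a field, which suggests a merge or copy mistake rather than an intended change.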
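Review bot: Reverting template.tpl to `httpOnly: false,` while template.js (as of PATCH 2/6) still reads `httpOnly: data.httpOnlyCookie,` leaves the two copies of `storeClientId` disagreeing and makes the `httpOnlyCookie` checkbox a no-op in the .tpl build. Whichever file is the source of truth, the `setCookie` call should be identical in both; if the checkbox is meant to work, this line should read `httpOnly: data.httpOnlyCookie,` here too. storeClientId's body starts and ends outside the hunk.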
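Review bot: `httpOnly: data.httpOnlyCookie || false,` here and the template.tpl copy in the next hunk differ by a trailing comma (`httpOnly: data.httpOnlyCookie || false` in the .tpl), so the two files are no longer byte-identical in this object and a side-by-side diff will keep flagging it; use `httpOnly: data.httpOnlyCookie || false,` in both. A short comment on why the fallback is needed would also help, e.g. `// undefined for instances saved before the checkbox existed`, if that is the reason — I cannot confirm it from the hunk. storeClientId's body starts and ends outside the hunk.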
From: =?UTF-8?q?=C3=85ke=20Rosvall?= Date: Thu, 12 Dec 2024 13:22:01 +0100 Subject: [PATCH 6/6] Fixing duplicate checkbox --- template.tpl | 8 -------- 1 file changed, 8 deletions(-) diff --git a/template.tpl b/template.tpl index a3cd046..3189399 100644 --- a/template.tpl +++ b/template.tpl @@ -44,14 +44,6 @@ ___TEMPLATE_PARAMETERS___ "help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it non-accsessible by javascript.", "defaultValue": false }, - { - "type": "CHECKBOX", - "name": "httpOnlyCookie", - "checkboxText": "Write the _dcid cookie as HttpOnly", - "simpleValueType": true, - "help": "If enabled, the _dcid cookie will be written with the HttpOnly flag, making it non-accsessible by javascript.", - "defaultValue": false - }, { "type": "CHECKBOX", "name": "generateClientId",